I am having the same issue. It does not look good when a search returns code like "select * from catagory...." in the search result page.
I looked at the expert exchange solution but it only strips the tags/html so basically the <cfquery> .. part is removed but the actual query "select * ... " still shows up on the results.
How can we remove such sql codes totally?
I'm surprised that I haven't been able to get any pointers on this.
Searching is an important part of site design and if CF is showing sql codes then it's not good from a security standpoint.
I need to fix this! Anyone have any suggestions?
There are two ways Verity can index your CF pages (that I know of). One is to do it through the CF Admin Verity Collection and the other is the command line vspider.exe. I believe only the vspider will actually process your CF pages (processing your SQL as well) and the Verity Collection method in the CF Admin will only "read" your CF pages; this "reading" will just display what's in the pages (minus CF includes, etc.).
I could be wrong in this of course because I've learned by trial and error. My experience has been the CF community sites (this one, HOF and Dev Shed) are very slim on Verity help. So I'd say RTFM as much as you can. HTH
Haven't found anything in the manual.
I'm using verity collection and I guess the engine actually indexes the pages on the server itself, i.e. cfm pages on source level. When you do a search for the word "select" you can actually see the queries in the search results.
Hasn't anyone gone through this issue??
If there is no answer to this, what is a good alternative as far as keeping a search option in your site that searches through the pages in your site?
You're able to query the Verity results themselves and exclude the SELECT statements.
SELECT *
FROM verity_results
WHERE CONTEXT NOT LIKE <cfqueryparam cfsqltype="cf_sql_char" value="%SELECT%" />
Whenever I've used Verity I've populated it via data, not page crawls - if your content pages contain SQL then SQL will be collated into Verity - no way around that - also every other piece of CF code as well.
A separation of content from logic (via MVC methods) would mean you could point Verity at the content without seeing ColdFusion code, or add the SQL code via cfinclude and leave the content pages as just content.
I have no easy way to fix it other than those suggestions really. If you intermingle content and logic this will happen.
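
The data-driven indexing suggested in the last post, as an added example that is not part of the original thread: the collection is filled from a content query with `cfindex type="custom"` instead of a file crawl, so .cfm source (and the SQL inside it) never enters the index. The datasource `siteDSN`, the table `pages` with its columns, and the collection name `site_content` are assumptions made for illustration.

```cfml
<!--- Added example. Hypothetical names: datasource "siteDSN", table "pages",
      columns page_id/page_title/page_body/page_url, collection "site_content". --->

<!--- 1. Pull only published content rows; no template source is involved. --->
<cfquery name="contentRows" datasource="siteDSN">
    SELECT page_id, page_title, page_body, page_url
    FROM pages
    WHERE is_published = 1
</cfquery>

<!--- 2. Rebuild the collection from the query rows rather than from files on disk.
      key/title/body/custom1 name query columns when type="custom". --->
<cfindex collection="site_content"
         action="refresh"
         type="custom"
         query="contentRows"
         key="page_id"
         title="page_title"
         body="page_title,page_body"
         custom1="page_url">

<!--- 3. Search page: results can only contain what step 1 selected.
      Output is HTML-escaped so indexed text is never rendered as markup. --->
<cfparam name="form.q" default="">
<cfif len(trim(form.q))>
    <cfsearch name="hits"
              collection="site_content"
              criteria="#trim(form.q)#"
              maxrows="25">
    <cfoutput query="hits">
        <p>
            <a href="#HTMLEditFormat(hits.custom1)#">#HTMLEditFormat(hits.title)#</a><br>
            #HTMLEditFormat(hits.summary)#
        </p>
    </cfoutput>
</cfif>
```

Run steps 1 and 2 from a scheduled task or after content changes; any existing collection that was built from a file crawl of the .cfm directory should be purged so the old source-level entries are no longer searchable.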